
Exploring the Metamorfo Banking Trojan

May 17, 2024, 4:03 p.m.

Description

This report covers a malware campaign known as Metamorfo, a banking Trojan distributed through malspam. The lures entice users to open HTML attachments, which start a chain of activity focused on gathering system metadata. The infection chain uses obfuscation techniques, URL evasion tactics, and the downloading of malicious payloads. The malware connects to remote servers, collects sensitive data, disables security controls, modifies the registry, and persists on the compromised system. The campaign primarily targets victims in North and South America with the aim of stealing financial information and banking credentials.

Date

Published: May 17, 2024, 3:38 p.m.

Created: May 17, 2024, 3:38 p.m.

Modified: May 17, 2024, 4:03 p.m.

Indicators

zfi8ny6yi30s.website

89.117.37.61

89.116.236.122

51.38.235.152

80.211.249.77

38.54.20.37

216.238.70.224

212.46.38.43

192.46.216.151

185.45.195.226

185.185.87.45

172.105.111.154

158.69.110.217

154.223.16.114

149.100.158.179

139.177.193.74

54.39.10.87

86.38.217.167

vqz8.gotdns.ch

jkue.myftp.biz

jan.viewdns.net

baza.alta-bars.ru

avs.myftp.biz

a.3utilities.com

yuphsa6qwtg5.online

z5im1ou9o480se02pro.online

x6vl9710f400g7alstar.online

x50zbqev4po5.online

newlife2020.club

mpy8n37wvwu2now.online

l155vcram2hl6ws0.online

k6ue95v1ca2r.online

albumdepremios.com.br

cevda3jvv5oz1t37.online

6c48ax07dy25hvu0hub.online

4yw2twoy438df9qt.online

2xo0uaqv4cqds331mart.online

09dfwss6g1v73sya.online

ad2.gotdns.ch

Attack Patterns

Metamorfo

TrojanSpy:Win32/Casbaneiro

Metamorfo

T1063

T1578

T1135

T1548

T1113

T1036.005

T1547

T1112

T1562